Hi! I just got a new computer recently, and I’m concerned about browser security and security in general. Any recommendations for a good secure browser? Preferably open source.
Can’t go wrong with ol Firefox
Firefox with few EFF plugins would be my choice.
Firefox.
LibreWolf is a privacy oriented fork of FireFox. If you like FireFox, you could give it a shot.
Iirc the most secure browser in a vacuum is Edge, mostly because of its integration with defender. https://www.youtube.com/watch?v=MAu2KYrNgY0
However privacy ≠ security, and I wouldn’t trade all my privacy for it (also a non private browser shares more information with the actors you interact with by default, which means you have always more personal data to lose).
My recommendation for a secure and private everyday browser, both on mobile and desktop, is Brave. They check every box in privacytests.org and are built on top of chromium, which is (sadly) more secure than Firefox or any of its derivative (apart from tor, ofc).
Edit: if you don’t have any particular threat model I’d suggest just go with firefox (or librewolf if you don’t want to spend time hardening it https://www.youtube.com/watch?v=F7-bW2y6lcI) from desktop and brave from mobile (I really don’t like firefox mobile).
Here’s a good general overview https://tilvids.com/videos/watch/88991d6f-b6f4-4673-9ba3-8d9a33cff19e (as I said privacy ≠ security, but if you don’t start from a private browser security is useless unless you have very specific threat model)
Sandbox your browser in a VM or something. Don’t use the same browser/VM for banking/personal stuff and everyday browsing. Most browsers should work. (Except Chrome/Edge/Opera/Yandex). Personally I prefer Firefox. LibreWolf can also be an option, but you have to opt-in to see videos with DRM etc. Tor is also an option, but the downsides are captchas and websites that block you.
If you’re even more extreme you can also use uBlock Origin in “hard mode” and the no script toggle. That will block JavaScript and prevent websites from connecting to any 3rd parties, anything from tracking servers to CDNs. That will definitely break websites, so you’ll have to know how to unbreak them, which can be quite the learning curve for some people.
Why not Chrome/Edge/Opera/Yandex you say? Chrome is owned by an advertising company. Edge tracks you plenty. Opera and Yandex are made by companies in authoritarian states.
To add to this if you go the vm route I’d recommend silverblue or another immutable OS
Could give Mull Browser a try? Its a fork of Firefox, but without any of the telemetry.
Also, browseraudit.com is a nice online tester that tests browsers in an array of things.
Security or privacy? If security is all you care about then any modern browser is fine so long as you keep it up to date. If privacy is a concern then get LibreWolf + uBlock Origin and you’re good to go.
I think it might be helpful for you and others if you elaborate a bit more on your threat models and your potential uses - is it for general browsing and work? Does your work encounter “insecure” content often?
Same question, all modern browsers are reasonably secure for the average person’s security concerns (privacy on the other hand… Eek).
This site is invaluable ⬇️
Open-source tests of web browser privacy: https://privacytests.org/
Firefox
Depends what you mean by security.
If you mean privacy, no such thing exists. All browsers snitch on you, and trying to actually have a private life will land you in jail soon enough.
If you want to do online banking, any of the big three will do if updated regularly.
I’d choose firefox as a symbolic protest against tech oligarchy.Firefox (hardened with this guide: https://www.privacyguides.org/en/desktop-browsers/#firefox) or Brave.
This is really close.
I do this shit for a living.
OP, go download Firefox and then go to https://stigviewer.com/stigs
And find Firefox. This will cover all known low level security controls. This will keep you from ever being vulnerable in the first place. Just follow the fix text for each control you care about and you’re done.While you’re at it, go through the windows controls. Hope you know regedit.
DuckDuckGo has released their own browser on Windows and Mac. You can check it out.
Tor network